Is This the Same Code? A Comprehensive Study of Decompilation Techniques for WebAssembly Binaries
摘要
WebAssembly (abbreviated WASM) is a low-level bytecode language designed for client-side execution in web browsers. As WASM continues to gain widespread adoption and its security concerns, the need for decompilation techniques that recover high-level source code from WASM binaries has grown. However, little research has been done to assess the quality of decompiled code from WASM. This paper aims to fill this gap by conducting a comprehensive comparative analysis between decompiled C code from WASM binaries and state-of-the-art native binary decompilers. To achieve this goal, we presented a novel framework for empirically evaluating C-based decompilers from various aspects, thus assessing the proficiency of WASM decompilers in generating readable and correct code when compared to native binary decompilers. Specifically, we evaluated the decompiled code’s correctness, readability, and structural similarity with the original code from current WASM decompilers. We validated the proposed metrics’ practicality in decompiler assessment and provided insightful observations regarding the characteristics and constraints of existing decompiled code. By encouraging improvements in these tools, we seek to enhance their use in critical tasks such as auditing and sandboxing third-party libraries. This, in turn, contributes to bolstering the security and reliability of software systems that rely on WASM and native binaries.